Am I the only one who has files like C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_741EA2FAA25CB0***17E539C7045EADF.bat that pop up regularly on users' computers as contained? Is it something standard from the Comodo Endpoint that we could consider a false positive and put in the exclusion list?
Hi @rbo,
We need to rate the file “C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat” as Trusted from EM Portal
Please follow the provided instructions
Step 1: EM Portal > SECURITY SUB-SYSTEMS > Containment and use the filter from the right for searching this file using:
Step 2: File name as C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat OR
File path as C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat
Step 3: Rate the file as “Trusted”
Please reach us if you still have any issues.
Kind Regards,
PremJK
Hi, thank you. For once I was already aware of the solution; I was just asking support whether this file was legitimate or not. Your answer means yes, so I manually trusted it. Question 2: is there a way to receive an email notification when such activity occurs on users' computers, to be proactive?
Issue is back; added “C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_*” to the list of trusted apps.
(Settings / System Templates / File groups variables / Trusted applications)
Hi @rbo,
Please check your Inbox for a private message and follow the instructions provided. Please let us know if you still face an issue.
Kind Regards,
PremJK
Hello @rbo,
About your second question:
1- You can create a security events monitor with the condition “Unknown application running inside container”.
2- Change the alert settings of the monitor to send notification emails to the desired email address(es).
3- Then put the monitor under Profiles -> {selected_profile} -> Monitors section.
This way, you will be notified once an application gets contained.
For more information, please check out Itarian Product Help and Support | Itarian Community
Best regards,
Ilgaz
Thank you,
configuration applied, monitoring configured!